In the last writeup we were able to generate logs based on file change. But that does not help us much because we again have to monitor every single machine in the environment manually which is impossible. It is certainly better if we can centralize all the logs into a single dashboard. As ELK one of the common tool to search and visualize data, we can transfer logs using Logstash to Elastic and eventually view them in Kibana dashboard.
In this blog I will show how use bot IntelMQ and ELK stack together so that the feed from IntelMQ can be pushed into the ELK for analysis. I will not go into the details of architecture for either of these as they are beyond the scope of this blog. In the previous blog post, I have already illustrated how we can install IntelMQ in Ubuntu 20.04 system using sources and use apt command to download packages and install them.
